CVE-2021-40526

EPSS 0.81%
Veröffentlicht 25.10.2021 11:15:07
Zuletzt bearbeitet 21.11.2024 06:24:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Onepeloton ≫ Ttr01 Firmware Version <= ptv55g

Onepeloton ≫ Ttr01 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.81%	0.735

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
cve@mitre.org	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

https://twitter.com/ROPsicle/status/1438216078103044107?s=20

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-40526

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40526

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40526

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-40526